Internet protocol (IP) telephony is a process of commoditization and collapsing of the traditional data and voice networks. Commoditization occurs whereby proprietary systems that traditionally performed the processing and transmission of voice traffic are being replaced with computing devices that are nodes in an IP network. The computing devices use application programming interfaces (APIs) to perform the processing and transmission of voice traffic. Collapsing occurs whereby the proprietary hardware and software that once resided on proprietary network infrastructures are now being replaced by standard implementations, which eliminates the need for separate networks to carry both data and voice traffic. It also eliminates the requirement for separate software development infrastructures for the two environments. This process is known as convergence, in which the processing and transmission of voice and data, and the software development processes for both, merge into one.
While convergence may mean a significant cost savings, it also opens a whole new area for security vulnerability not experienced before in the voice environment. Devices that previously had a limited amount of intelligence, such as traditional analog telephones, are now being replaced by voice over packet (VOP) hardware phones or computing devices running VOP phone software. The VOP hardware phones and the computing devices running VOP phone software are computing devices that support many of the same standard IP services that traditional computing devices support. Along with this increased functionality come increased security vulnerabilities.
Voice over packet (VOP) is a process for sending voice or video signals over the Internet or other communications networks, such as intranets. If the telephone signal is in analog form (voice or fax), the signal is first converted to a digital form. Packet-routing information is then added to the digital voice signal so the voice signal can be routed through the Internet or other data networks. VOP may include voice over internet protocol (VoIP), voice over asynchronous transfer mode (ATM), voice over frame relay, and VoIP over a wireless local area network (LAN). It may also include other protocols where voice may be transported over the protocol.
In addition to the increased security risks at the phone level, there are additional security risks for the exchanges that operate with the phones since they are also being replaced by computing devices running software that emulates exchange functionality. The trend is a migration towards computing devices or devices that may interact with other devices in a computing environment or network.
With this migration of functionality to commodity equipment or common devices, the security risks become more acute as software developers and others have access to voice elements in IP telephony for malicious purposes. With a public switched telephone network (PSTN), software developers and others did not have this type of access to voice elements, and voice and data were separate. With convergence, both voice and data are exposed to security risks from software developers and others who want to do harm.
In a security-sensitive environment where confidentiality, integrity, and non-repudiation of data are important to an organization, standard services such as virtual private network (VPN) and encryption may be employed. However, because VOP is both real-time and time-sensitive, the standard services may not be able to be employed in the traditional manner. Some research may have to be performed to modify these services so that they work properly.
In addition to the issues discussed above, since the voice infrastructure functionality is being emulated from start to finish by computing devices in software, standard IP support servers such as domain name system (DNS), dynamic host configuration protocol (DHCP), trivial file transfer protocol (TFTP), simple network time protocol (SNTP), web services, etc. are being used in IP telephony to process voice calls but are also encountering security risks. The security risks of these IP support servers are well known in the data transmission environment, and with the advent of convergence, all of these security risks will have to be mitigated for the VOP environment. As computing devices, the IP support servers are susceptible to any number of malicious attacks and this could greatly impact a network operating IP telephony.
For the reasons discussed above, it is important to examine the elements of an IP telephony environment to determine the security risks for each element. The IP telephony environment is dependent on IP network services. And while voice and data may coexist in the same network, they are not the same, and some of the data protection techniques used in the past may not work now. Voice has a significant amount of exposure to security risks due to the commoditization of computing devices to perform many of the voice processing functions. It also has a significant amount of exposure to security risks from being connected to an open network like the Internet. With the public switched telephone network (PSTN), the problems encountered now did not exist or existed minimally. The PSTN was and still is a proprietary or limited-access network.
A solution is needed that may evaluate the problems discussed above and make the computing devices more secure for IP telephony. The computing devices would become secure appliances in that they would perform their functions with a restricted and controlled access to their hardware and software. The idea is to isolate these computing devices associated with voice processing to reduce or mitigate security risks.